02 November 2010

Kidnapping, Theft and Rape Are Not "Cyber" Crimes

Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia.

His daughter was recently released, according to Joseph Menn’s recent article on Boing Boing, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations.

The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity.

Note that we say "also."

When someone is mugged, harassed, kidnapped or raped on a sidewalk, we don't call it "sidewalk crime" and call for new laws to regulate sidewalks. It is crime, and those who commit crimes are subject to the full force of the law.

For too long, people have referred to spam in dismissive terms: just hit delete, some say, or let the filters take care of it. Others — most of us, in fact — refer to phishing, which is the first step in theft of real money from real people and institutions, as "cyber crime." It's time for that to stop.

Some of these crimes involve technology. So what? Criminals have used technology before.

Some of these crimes cross borders. So what? Crimes have crossed borders before.

Spam isn't illegal everywhere yet. So what? Spam 2.0 (spam, malware & spyware) is the leading edge of far worse activities, often things that have been illegal as long as we've had laws.

It is high time that governments and law enforcement stop thinking of computer crime as that perpetrated by teenagers in their parent’s basement. It is the Russian Mob and other organized criminals that are doing this.

While we are at it, we should mention ‘cyber-warfare’, something too often conflated with cyber-crime. Cyber-crime is not "cyber-warfare.” There may be state or terrorist agencies copying the tactics and methods of these criminals, but that does not mean that the criminals must be left alone until new cyber-warfare agencies have been created and funded.

"Why aren't we seeing the investment and prioritization being made in law enforcement, first? Why is all the publicity, funding and prioritization being given to the military - with efforts such as the build-up of the military cyber command - when so much of the clear and present threat is from the criminal element and not from other nation-states?"

Just so, Prof. Spafford!

As we have said repeatedly on this site, these are criminal gangs who have found an incredible loophole in the justice systems of the world: they can rob banks and people, with little chance of getting caught, let alone going to jail. This is not because they're doing things that aren't illegal; they've just found a new way to hide.

David Black, manager of the RCMP's cyber infrastructure protection section recently said to CAUCE Executive Director Neil Schwartzman “we don’t do spam”. OK, but why not? Spam is no longer, and hasn’t been for some time, about simply sending unwanted emails. Spam is now a delivery mechanism for malware, which in turn threatens infrastructure, and facilitates theft. We have seen precious few cases filed using existing Federal computer intrusions laws in Canada, and none, to our knowledge have been filed under the renovated anti-phishing law, S-4, passed in September 2009.

Governments and law enforcement agencies need to begin to treat online theft with the same seriousness as they do other physical crimes. It is time to bring this up to the diplomatic level, or seriously consider refusing packets from places that treat the Internet, and innocent victims, as their personal ATM.

CAUCE is made up of people who care about email qua email. We understand it, we love it. It is still the ‘killer app’. Furthermore, we understand why some folks in law enforcement or the judiciary might ask, "When there are people stealing millions or hurting people in the commission of violent crimes, why are you wasting our time with 'just' a spam case?” Here's why:

Most spam is sent by organized criminal gangs, just like other organized crime.

Those gangs intentionally operate trans-nationally, in an effort to frustrate investigation and prosecution.

Money laundering of the proceeds from spam is routine, and that money directly fuels official corruption and other social ills.

Some spammers are actually selling something. Their favorite product? Counterfeit pharmaceuticals. In many cases these may be scheduled controlled substances, sold in bulk, and available to minors; in other cases, critical medicines needed to properly treat cancer and other serious illnesses may be counterfeit placebos, with potentially tragic results.

Spammers operate by compromising tens or hundreds of thousands of end-user PCs, violating those users' privacy and sometimes steal sensitive personally identifiable information such as individuals’ and even corporate access to financial services at the same time they're using their systems to spam. Computer ‘phishing’ is no less a crime than bank robbery, home invasion, and mugging.

Cyber criminals consider cyber crime to be a virtually riskless offense; they're unlikely to be identified; if identified, they're unlikely to be investigated; if investigated, they're unlikely to be charged and prosecuted; if prosecuted, they're unlikely to be convicted; if convicted, they're unlikely to do jail time.

The courts need to make it clear that that's wrong in all respects. If you commit cyber crimes, you will be identified, investigated, charged, prosecuted, convicted and sentenced to serious time and we will seize your assets.

This will not happen so long as crime, which involves the Internet, is dismissed as "cybercrime" and either scoffed at, or used to justify ever-increasing cyberwarfare budgets

This isn't just email. This isn't a war. This isn't "cyber.” This is crime. It is time to call a cop, and expect a response.

Comments

Kidnapping, Theft and Rape Are Not "Cyber" Crimes

Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia.

His daughter was recently released, according to Joseph Menn’s recent article on Boing Boing, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations.

The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity.

Note that we say "also."

When someone is mugged, harassed, kidnapped or raped on a sidewalk, we don't call it "sidewalk crime" and call for new laws to regulate sidewalks. It is crime, and those who commit crimes are subject to the full force of the law.

For too long, people have referred to spam in dismissive terms: just hit delete, some say, or let the filters take care of it. Others — most of us, in fact — refer to phishing, which is the first step in theft of real money from real people and institutions, as "cyber crime." It's time for that to stop.

Some of these crimes involve technology. So what? Criminals have used technology before.

Some of these crimes cross borders. So what? Crimes have crossed borders before.

Spam isn't illegal everywhere yet. So what? Spam 2.0 (spam, malware & spyware) is the leading edge of far worse activities, often things that have been illegal as long as we've had laws.

It is high time that governments and law enforcement stop thinking of computer crime as that perpetrated by teenagers in their parent’s basement. It is the Russian Mob and other organized criminals that are doing this.

While we are at it, we should mention ‘cyber-warfare’, something too often conflated with cyber-crime. Cyber-crime is not "cyber-warfare.” There may be state or terrorist agencies copying the tactics and methods of these criminals, but that does not mean that the criminals must be left alone until new cyber-warfare agencies have been created and funded.

"Why aren't we seeing the investment and prioritization being made in law enforcement, first? Why is all the publicity, funding and prioritization being given to the military - with efforts such as the build-up of the military cyber command - when so much of the clear and present threat is from the criminal element and not from other nation-states?"

Just so, Prof. Spafford!

As we have said repeatedly on this site, these are criminal gangs who have found an incredible loophole in the justice systems of the world: they can rob banks and people, with little chance of getting caught, let alone going to jail. This is not because they're doing things that aren't illegal; they've just found a new way to hide.

David Black, manager of the RCMP's cyber infrastructure protection section recently said to CAUCE Executive Director Neil Schwartzman “we don’t do spam”. OK, but why not? Spam is no longer, and hasn’t been for some time, about simply sending unwanted emails. Spam is now a delivery mechanism for malware, which in turn threatens infrastructure, and facilitates theft. We have seen precious few cases filed using existing Federal computer intrusions laws in Canada, and none, to our knowledge have been filed under the renovated anti-phishing law, S-4, passed in September 2009.

Governments and law enforcement agencies need to begin to treat online theft with the same seriousness as they do other physical crimes. It is time to bring this up to the diplomatic level, or seriously consider refusing packets from places that treat the Internet, and innocent victims, as their personal ATM.

CAUCE is made up of people who care about email qua email. We understand it, we love it. It is still the ‘killer app’. Furthermore, we understand why some folks in law enforcement or the judiciary might ask, "When there are people stealing millions or hurting people in the commission of violent crimes, why are you wasting our time with 'just' a spam case?” Here's why:

Most spam is sent by organized criminal gangs, just like other organized crime.

Those gangs intentionally operate trans-nationally, in an effort to frustrate investigation and prosecution.

Money laundering of the proceeds from spam is routine, and that money directly fuels official corruption and other social ills.

Some spammers are actually selling something. Their favorite product? Counterfeit pharmaceuticals. In many cases these may be scheduled controlled substances, sold in bulk, and available to minors; in other cases, critical medicines needed to properly treat cancer and other serious illnesses may be counterfeit placebos, with potentially tragic results.

Spammers operate by compromising tens or hundreds of thousands of end-user PCs, violating those users' privacy and sometimes steal sensitive personally identifiable information such as individuals’ and even corporate access to financial services at the same time they're using their systems to spam. Computer ‘phishing’ is no less a crime than bank robbery, home invasion, and mugging.

Cyber criminals consider cyber crime to be a virtually riskless offense; they're unlikely to be identified; if identified, they're unlikely to be investigated; if investigated, they're unlikely to be charged and prosecuted; if prosecuted, they're unlikely to be convicted; if convicted, they're unlikely to do jail time.

The courts need to make it clear that that's wrong in all respects. If you commit cyber crimes, you will be identified, investigated, charged, prosecuted, convicted and sentenced to serious time and we will seize your assets.

This will not happen so long as crime, which involves the Internet, is dismissed as "cybercrime" and either scoffed at, or used to justify ever-increasing cyberwarfare budgets

This isn't just email. This isn't a war. This isn't "cyber.” This is crime. It is time to call a cop, and expect a response.